AML 4 MSB 7. Risk-Based Approach
So - you've appointed a Nominated Officer, and maybe even a Compliance Officer.
"Once you have identified and assessed the risks of money laundering and terrorist financing associated with your business, you must ensure that you put in place appropriate controls and procedures to reduce and manage them. They'll help to decide the appropriate level of due diligence to apply to each customer and beneficial owner. It's likely that there will be a standard level of due diligence that will apply to most customers (who will present a relatively low risk of money laundering and terrorist financing), based upon your business's risk assessment."
Here - you can make allowances for the fact that not all customers and transactions are created equal. Do you have business that qualifies for simplified due diligence? In what circumstances might you want to take a close look at a customer (ie Enhanced Due Diligence)?
Examples of risk-based controls (from the guidance) include:
- Introducing a customer identification and verification programme that varies depending on the assessed level of risk
- requiring additional customer identity evidence in higher risk situations
- reviewing low risk customers and applying more due diligence where changes are apparent which alter the risk profile associated with a customer
- varying the level of monitoring of customer transactions and activities depending on the assessed level of risk or activities that might be unusual or suspicious
Once you have everything in place, it's important to recognise that managing aml / tf risks is an ongoing process, not a one-off. You should monitor the effectiveness of your controls regularly, update and improve them.
Or you could ask someone to help you with that. Ahem. Just saying.
Next - Customer Due Diligence.